Final Memorandum, “NASA’s Implementation of Patch Management Software Is Incomplete” (IG-06-007, March 17, 2006)

The NASA Office of Inspector General (OIG) conducted an audit to determine whether NASA had established formal requirements, guidance, and milestones for implementation of patch management software and whether NASA had fully implemented an effective patch management process and capability. We found that while NASA had established formal requirements, guidance, and milestones, two NASA contractors had not fully implemented the patch management software as required by the NASA Chief Information Officer (CIO). We recommended that the NASA CIO, in coordination with the relevant contracting officers, take appropriate action to ensure that contractors are complying with NASA requirements to implement an effective patch management program, including the implementation of specific software for patch status reporting. We also recommended that the NASA CIO require the Centers to maintain inventories and use those inventories to ensure up-to-date installation of patch management tools on all applicable computers. NASA management concurred with both recommendations, stating that patch management language will be fully incorporated into relevant contracts and that the NASA CIO will mandate that all Centers develop inventories and identify which computers have and/or need installation of patch management tools.

The memorandum contains NASA Information Technology/Internal Systems Data that is not routinely released under the Freedom of Information Act (FOIA). To submit a FOIA request, see the online guide.